> > As I understand it, OpenSSL will call abort() when it detects attack
> > against any hole in SSL.
>
> Unh, no.  The only time it calls abort is with -DREF_CHECK, and if a
> reference count is less than zero, which is a "can't happen" condition.

the new patches that fix various buffer overflows in SSL code call abort()
anytime attacker wants.

arne


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to